<?php
/**
* @file $Id: Profiles.php 543 2007-06-03 22:02:50Z focus-sis $
* @package Focus/SIS
* @copyright Copyright (C) 2006 Andrew Schmadeke. All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.txt
* Focus/SIS is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.txt for copyright notices and details.
*/

// Title bar for this module's page.
$program_title = ProgramTitle();
DrawHeader($program_title);

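if(!empty($_REQUEST['profile_id']))
{
	// Profile IDs are allocated from USER_PROFILES_SEQ (see the create branch
	// below), so an integer cast is what keeps the request value safe inside
	// the SQL literal.
	$profile_id = (int)$_REQUEST['profile_id'];
	$profile_RET = DBGet(DBQuery("SELECT PROFILE FROM USER_PROFILES WHERE ID='".$profile_id."'"));

	// The menu is derived from the logged-in user's profile type. To show the
	// programs the *selected* profile's users would see, temporarily swap the
	// type in, rebuild the menu, then restore the real value. An unknown or
	// deleted profile_id leaves the current menu in place.
	if(isset($profile_RET[1]['PROFILE']) && $profile_RET[1]['PROFILE']!=User('PROFILE'))
	{
		$old_profile = $_FOCUS['User'][1]['PROFILE'];
		$_FOCUS['User'][1]['PROFILE'] = $profile_RET[1]['PROFILE'];
		unset($_FOCUS['Menu']);
		unset($menu);
		include 'Menu.php';
		$_FOCUS['User'][1]['PROFILE'] = $old_profile;
	}
}
else
	include 'Menu.php';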

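if(!empty($_REQUEST['profile_id']))
{
	// Numeric sequence ID: the cast keeps the request value out of the SQL text.
	$profile_id = (int)$_REQUEST['profile_id'];
	// Grouped by MODNAME so the save and render code can look a program up
	// directly as $exceptions_RET[$modname].
	$exceptions_RET = DBGet(DBQuery("SELECT PROFILE_ID,MODNAME,CAN_USE,CAN_EDIT FROM PROFILE_EXCEPTIONS WHERE PROFILE_ID='".$profile_id."'"),array(),array('MODNAME'));
	//$featured_RET = DBGet(DBQuery("SELECT PROFILE_ID,MODNAME FROM PORTAL_PROGRAMS WHERE PROFILE_ID='$_REQUEST[profile_id]'"),array(),array('MODNAME'));
}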

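if(isset($_REQUEST['modfunc']) && $_REQUEST['modfunc']=='delete' && AllowEdit() && !empty($_REQUEST['profile_id']))
{
	// Numeric sequence ID: the cast keeps the request value out of the SQL text.
	$profile_id = (int)$_REQUEST['profile_id'];
	$profile_RET = DBGet(DBQuery("SELECT TITLE FROM USER_PROFILES WHERE ID='".$profile_id."'"));
	$profile_title = isset($profile_RET[1]['TITLE']) ? $profile_RET[1]['TITLE'] : '';

	// The title is stored text echoed into markup, so it is HTML-escaped here.
	// Prompt() presumably renders the confirmation first and only returns true
	// once the user has confirmed.
	if(Prompt(_('Confirm Delete'),_('Are you sure you want to delete the user profile').' <i>'.htmlspecialchars($profile_title).'</i>?',_('Users of that profile will retain their permissions as a custom set which can be modified on a per-user basis through the User Permissions program.')))
	{
		DBQuery("DELETE FROM USER_PROFILES WHERE ID='".$profile_id."'");
		// Freeze the profile's exception rows onto each member user so their
		// effective permissions survive the profile's removal: replace the
		// users' own rows wholesale, then drop the profile-level rows.
		DBQuery("DELETE FROM USER_EXCEPTIONS WHERE USERNAME IN (SELECT USERNAME FROM USERS WHERE PROFILE_ID='".$profile_id."')");
		DBQuery("INSERT INTO USER_EXCEPTIONS (USERNAME,MODNAME,CAN_USE,CAN_EDIT) SELECT s.USERNAME,e.MODNAME,e.CAN_USE,e.CAN_EDIT FROM USERS s,PROFILE_EXCEPTIONS e WHERE s.PROFILE_ID='".$profile_id."' AND s.PROFILE_ID=e.PROFILE_ID");
		DBQuery("DELETE FROM PROFILE_EXCEPTIONS WHERE PROFILE_ID='".$profile_id."'");
		// NOTE(review): these statements are not wrapped in a transaction, so a
		// failure midway leaves users with a partial permission set.
		unset($_REQUEST['modfunc']);
		unset($_REQUEST['profile_id']);
	}
}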

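if(isset($_REQUEST['modfunc']) && $_REQUEST['modfunc']=='update' && AllowEdit() && empty($_REQUEST['new_profile_title']) && !empty($_REQUEST['profile_id']))
{
	// Numeric sequence ID: the cast keeps the request value out of the SQL
	// literals below. Without a profile there is nothing to save against.
	$profile_id = (int)$_REQUEST['profile_id'];
	// Only admin profiles have a "Can Edit Data" column; for the others the
	// can_edit input never exists and must not be read as a denial.
	$is_admin = isset($profile_RET[1]['PROFILE']) && $profile_RET[1]['PROFILE']=='admin';
	// Unchecked boxes are simply absent from the POST, so a missing key means
	// "withheld". Non-array values are ignored.
	$can_edit_in = (isset($_REQUEST['can_edit']) && is_array($_REQUEST['can_edit'])) ? $_REQUEST['can_edit'] : array();
	$can_use_in = (isset($_REQUEST['can_use']) && is_array($_REQUEST['can_use'])) ? $_REQUEST['can_use'] : array();

	// The permissions form renders one extra row per student field category;
	// add those pseudo-programs to the menu while saving so they get their own
	// PROFILE_EXCEPTIONS rows, and remove them again at the end.
	$categories_RET = DBGet(DBQuery("SELECT ID,TITLE FROM STUDENT_FIELD_CATEGORIES ORDER BY SORT_ORDER,TITLE"));
	foreach($categories_RET as $category)
	{
		$file = 'Students/Student.php&category_id='.$category['ID'];
		$_FOCUS['Menu']['Students'][$file] = ' &nbsp; &nbsp; &rsaquo; '.$category['TITLE'];
	}

	foreach($_FOCUS['Menu'] as $modcat=>$values)
	{
		foreach($values as $modname=>$title)
		{
			// Numeric keys are section headings, not programs.
			if(is_numeric($modname))
				continue;

			// Form field names use '_' where the program path has '.'.
			$key = str_replace('.','_',$modname);
			$deny_edit = $is_admin && empty($can_edit_in[$key]);
			$deny_use = empty($can_use_in[$key]);
			$has_row = !empty($exceptions_RET[$modname]);

			// A PROFILE_EXCEPTIONS row exists only while something is withheld:
			// create it on the first denial, drop it once everything is allowed.
			if(!$has_row && ($deny_edit || $deny_use))
				DBQuery("INSERT INTO PROFILE_EXCEPTIONS (PROFILE_ID,MODNAME) values('".$profile_id."','$modname')");
			elseif($has_row && !$deny_edit && !$deny_use)
				DBQuery("DELETE FROM PROFILE_EXCEPTIONS WHERE PROFILE_ID='".$profile_id."' AND MODNAME='$modname'");

			// Only 'N' is read as a denial by the render code; NULL means allowed.
			if($deny_edit || $deny_use)
			{
				$update = "UPDATE PROFILE_EXCEPTIONS SET ";
				$update .= $deny_edit ? "CAN_EDIT='N'," : "CAN_EDIT=NULL,";
				$update .= $deny_use ? "CAN_USE='N'" : "CAN_USE=NULL";
				$update .= " WHERE PROFILE_ID='".$profile_id."' AND MODNAME='$modname'";
				DBQuery($update);
			}
			/*
			if(!count($featured_RET[$modname]) && $_REQUEST['featured'][str_replace('.','_',$modname)])
				DBQuery("INSERT INTO PORTAL_PROGRAMS (PROFILE_ID,MODNAME) values('".$_REQUEST['profile_id']."','".$modname."')");
			elseif(count($featured_RET[$modname]) && !$_REQUEST['featured'][str_replace('.','_',$modname)])
				DBQuery("DELETE FROM PORTAL_PROGRAMS WHERE PROFILE_ID='$_REQUEST[profile_id]' AND MODNAME='$modname'");
			*/
		}
	}
	// Reload so the page rendered below reflects what was just saved.
	$exceptions_RET = DBGet(DBQuery("SELECT MODNAME,CAN_USE,CAN_EDIT FROM PROFILE_EXCEPTIONS WHERE PROFILE_ID='".$profile_id."'"),array(),array('MODNAME'));
	//$featured_RET = DBGet(DBQuery("SELECT PROFILE_ID,MODNAME FROM PORTAL_PROGRAMS WHERE PROFILE_ID='$_REQUEST[profile_id]'"),array(),array('MODNAME'));
	// Clear the form values from the request and from the session copy of the
	// request vars so they presumably do not carry over to the next page load.
	unset($_REQUEST['modfunc']);
	unset($_REQUEST['can_edit']);
	unset($_REQUEST['can_use']);
	unset($_REQUEST['featured']);
	unset($_SESSION['_REQUEST_vars']['can_edit']);
	unset($_SESSION['_REQUEST_vars']['can_use']);
	unset($_SESSION['_REQUEST_vars']['featured']);
	foreach($categories_RET as $category)
	{
		$file = 'Students/Student.php&category_id='.$category['ID'];
		unset($_FOCUS['Menu']['Students'][$file]);
	}
}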

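if(!empty($_REQUEST['new_profile_title']) && AllowEdit())
{
	// Only the profile types offered by the "Add a User Profile" select are
	// accepted; anything else is a tampered request and creates nothing.
	$profile_types = array('admin','teacher','parent','student');
	$new_type = isset($_REQUEST['new_profile_type']) ? $_REQUEST['new_profile_type'] : '';
	if(in_array($new_type,$profile_types,true))
	{
		$id = DBGet(DBQuery("SELECT ".db_seq_nextval('USER_PROFILES_SEQ')." AS ID".FROM_DUAL));
		$id = (int)$id[1]['ID'];
		// A brand-new profile has no exception rows; drop any loaded for the
		// previously selected profile.
		unset($exceptions_RET);
		// Standard SQL quoting of the free-text title. NOTE(review): if the
		// backend treats backslashes as escape characters, the DB layer's own
		// escaping routine should be used here instead.
		$new_title = str_replace("'","''",$_REQUEST['new_profile_title']);
		DBQuery("INSERT INTO USER_PROFILES (ID,TITLE,PROFILE) values('$id','".$new_title."','".$new_type."')");

		// Select the new profile and, as in the profile_id branch above, rebuild
		// the menu under its profile type when it differs from the current user's.
		$_REQUEST['profile_id'] = $id;
		$profile_RET = DBGet(DBQuery("SELECT PROFILE FROM USER_PROFILES WHERE ID='".$id."'"));
		if(isset($profile_RET[1]['PROFILE']) && $profile_RET[1]['PROFILE']!=User('PROFILE'))
		{
			$old_profile = $_FOCUS['User'][1]['PROFILE'];
			$_FOCUS['User'][1]['PROFILE'] = $profile_RET[1]['PROFILE'];
			unset($_FOCUS['Menu']);
			unset($menu);
			include 'Menu.php';
			$_FOCUS['User'][1]['PROFILE'] = $old_profile;
		}
	}
	// Clear the form values from the request and its session copy.
	unset($_REQUEST['new_profile_title']);
	unset($_SESSION['_REQUEST_vars']['new_profile_title']);
	unset($_REQUEST['new_profile_type']);
	unset($_SESSION['_REQUEST_vars']['new_profile_type']);
}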

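if(!isset($_REQUEST['modfunc']) || $_REQUEST['modfunc']!='delete')
{
	// Request-supplied values reused throughout the page. The module name is
	// URL-encoded before being echoed into links and attributes; the profile
	// id is a numeric sequence value, so a cast is enough.
	$modname_url = isset($_REQUEST['modname']) ? urlencode($_REQUEST['modname']) : '';
	$profile_id_url = empty($_REQUEST['profile_id']) ? '' : (int)$_REQUEST['profile_id'];
	$is_admin = isset($profile_RET[1]['PROFILE']) && $profile_RET[1]['PROFILE']=='admin';
	// Admin profiles get the extra "Can Edit Data" column.
	$colspan = $is_admin ? 3 : 2;

	// Mirror the arrow for right-to-left layouts.
	if(!empty($_FOCUS['direction']))
		$arrow_right = 'arrow_left';
	else
		$arrow_right = 'arrow_right';

	echo '<FORM action="Modules.php?modname='.$modname_url.'&modfunc=update&profile_id='.$profile_id_url.'" method=POST>';
	DrawHeader(_('Select the programs that users of this profile can use and which programs those users can use to save information.'),'<INPUT type=submit value='._('Save').'>');
	echo '<BR>';
	echo '<TABLE><TR><TD valign=top>';

	// Left column: the existing profiles plus the "add" row.
	echo '<TABLE border=0 cellpadding=0 cellspacing=0>';
	$style = ' style="border:1; border-style: dashed none none none;"';
	$profiles_RET = DBGet(DBQuery("SELECT ID,TITLE,PROFILE FROM USER_PROFILES"));
	echo '<TR><TD colspan=2 style="border:1; border-style: none none solid none;"><b><small>'._('Profiles').'</small></b></TD></TR>';
	if(!empty($profiles_RET))
	{
		foreach($profiles_RET as $profile)
		{
			$delete_url = 'Modules.php?modname='.$modname_url.'&modfunc=delete&profile_id='.$profile['ID'];
			$select_url = 'Modules.php?modname='.$modname_url.'&profile_id='.$profile['ID'];
			// The selected row is drawn highlighted with its hover handlers disabled.
			if($profile_id_url!=='' && $profile['ID']==$profile_id_url)
				echo '<TR id=selected_tr onmouseover="" onmouseout="" bgcolor="#'.Preferences('HIGHLIGHT').'" style="color:white;"><TD width=20 align='.ALIGN_RIGHT.$style.'>'.button('remove','',$delete_url,20).'</TD><TD '.$style.' onclick="document.location.href=\''.$select_url.'\';">';
			else
				echo '<TR onmouseover=\'this.style.backgroundColor="#'.Preferences('HIGHLIGHT').'"; this.style.color="white";\' onmouseout=\'this.style.cssText="background-color:transparent; color:black;";\'><TD width=20 align='.ALIGN_RIGHT.$style.'>'.button('remove','',$delete_url,20).'</TD><TD'.$style.' onclick="document.location.href=\''.$select_url.'\';">';
			// Stored text echoed into markup, so HTML-escaped.
			echo '<A style="cursor:pointer;"><small>'.htmlspecialchars($profile['TITLE']).' &nbsp; </small></A>';
			echo '</TD>';
			echo '<TD'.$style.'><A style="cursor:pointer;"><IMG SRC=assets/'.$arrow_right.'.gif></A></TD>';
			echo '</TR>';
		}
	}
	// The "add" row's onclick script expects a selected_tr element to exist.
	if(empty($profiles_RET) || $profile_id_url==='')
		echo '<TR id=selected_tr><TD height=0></TD></TR>';

	echo '<TR id=new_tr onmouseover=\'this.style.backgroundColor="#'.Preferences('HIGHLIGHT').'"; this.style.color="white";\' onmouseout=\'this.style.cssText="background-color:transparent; color:black;";\'><TD width=20 align='.ALIGN_RIGHT.$style.'>'.button('add','','',20).'</TD><TD'.$style.'>';
	echo '<A style="cursor:pointer;" onclick=\'document.getElementById("selected_tr").onmouseover="this.style.backgroundColor=\"#'.Preferences('HIGHLIGHT').'\"; this.style.color=\"white\";"; document.getElementById("selected_tr").onmouseout="this.style.cssText=\"background-color:transparent; color:black;\";"; document.getElementById("selected_tr").style.cssText="background-color:transparent; color:black;"; changeHTML({"new_id_div":"new_id_content"},["main_div"]);document.getElementById("new_tr").onmouseover="";document.getElementById("new_tr").onmouseout="";this.onclick="";\'><small> '._('Add a User Profile').' &nbsp;<BR><DIV id=new_id_div></DIV> </small></A>';
	echo '</TD>';
	echo '<TD'.$style.'><A style="cursor:pointer;"><IMG SRC=assets/'.$arrow_right.'.gif></A></TD>';
	echo '</TR>';

	echo '</TABLE>';
	echo '</TD><TD width=20></TD><TD width=75%>';
	echo '<DIV id=main_div>';
	if($profile_id_url!=='')
	{
		// Display labels for the menu categories; unknown keys fall back to the
		// key with underscores turned into spaces.
		$modcat_labels = array(
			'School_Setup' => _('School Setup'),
			'Students' => _('Students'),
			'Users' => _('Users'),
			'Grades' => _('Grades'),
			'School_Information' => _('School Information'),
			'My_Information' => _('My Information'),
			'My_Child' => _('My Child'),
			'Classes_&_Grades' => _('Classes & Grades'),
			'Attendance' => _('Attendance'),
			'Eligibility' => _('Eligibility'),
			'Discipline' => _('Discipline'),
			'Billing' => _('Billing'),
			'Reports' => _('Reports'),
		);
		// The header checkbox passes "can_use[<prefix>" to checkAll(), which
		// apparently matches checkbox names by prefix. Checkbox names are built
		// from program paths, so for non-admin profiles the categories that list
		// programs from another directory use that directory as the prefix.
		$prefix_map = array(
			'School_Information' => 'School_Setup',
			'My_Information' => 'Users',
			'My_Child' => 'Students',
		);

		PopTable('header',_('Permissions'),'width=100%');
		echo '<TABLE border=0 cellspacing=0 width=100%>';
		foreach($_FOCUS['Menu'] as $modcat=>$values)
		{
			if(!$is_admin && isset($prefix_map[$modcat]))
				$prefix = $prefix_map[$modcat];
			else
				$prefix = $modcat;

			if(isset($modcat_labels[$modcat]))
				$localized_modcat = $modcat_labels[$modcat];
			else
				$localized_modcat = str_replace('_',' ',$modcat);

			echo '<TR><TD valign=top align='.ALIGN_RIGHT.'>';
			echo "<BR><b><font color=gray>".$localized_modcat."</font></b></TD><TD width=3>&nbsp;</TD>";
			echo "<TH bgcolor=#FFFFFF><small><font color=gray>"._('Can Use')."<INPUT type=checkbox name=controller_can_use_$prefix onclick='checkAll(this.form,this.form.controller_can_use_$prefix.checked,\"can_use[$prefix\");'></font></small></TH>".($is_admin?"<TH bgcolor=#FFFFFF> &nbsp;<small><font color=gray>"._('Can Edit Data')."<INPUT type=checkbox name=controller_can_edit_$prefix onclick='checkAll(this.form,this.form.controller_can_edit_$prefix.checked,\"can_edit[$prefix\");'></font></small></TH>":'')."<TH bgcolor=#FFFFFF></TH></TR>";

			if(!empty($values))
			{
				foreach($values as $file=>$title)
				{
					// Boxes are checked unless an exception row explicitly says 'N'.
					$can_edit = $can_use = 'CHECKED';
					if(isset($exceptions_RET[$file][1]['CAN_EDIT']) && $exceptions_RET[$file][1]['CAN_EDIT']=='N')
						$can_edit = '';
					if(isset($exceptions_RET[$file][1]['CAN_USE']) && $exceptions_RET[$file][1]['CAN_USE']=='N')
						$can_use = '';
					/*if($featured_RET[$file])
						$featured = 'CHECKED';
					else
						$featured = '';*/

					// Numeric keys are section headings within the category;
					// form field names use '_' where the program path has '.'.
					if(!is_numeric($file))
					{
						$field = str_replace('.','_',$file);
						echo "<TR><TD></TD><TD></TD><TD align=center bgcolor=#DDDDDD><INPUT type=checkbox name=can_use[".$field."] value=true $can_use></TD>".($is_admin?"<TD align=center bgcolor=#DDDDDD><INPUT type=checkbox name=can_edit[".$field."] value=true $can_edit></TD>":'')."<TD bgcolor=#DDDDDD> &nbsp; &nbsp;$title</TD></TR><TR><TD></TD><TD></TD><TD colspan=$colspan height=1 bgcolor=#000000></TD></TR>";
					}
					else
						echo '<TR><TD></TD><TD></TD><TD bgcolor=#FFFFFF colspan='.$colspan.' align=center><small><b>- '.$title.' -</b></small></TD></TR>';

					// Student.php gets one extra row per student field category so
					// each category can be locked down separately. Reassigning $file
					// here is safe: foreach sets it afresh on the next iteration.
					if($file=='Students/Student.php')
					{
						$categories_RET = DBGet(DBQuery("SELECT ID,TITLE FROM STUDENT_FIELD_CATEGORIES ORDER BY SORT_ORDER,TITLE"));
						foreach($categories_RET as $category)
						{
							$file = 'Students/Student.php&category_id='.$category['ID'];
							$can_edit = $can_use = 'CHECKED';
							if(isset($exceptions_RET[$file][1]['CAN_EDIT']) && $exceptions_RET[$file][1]['CAN_EDIT']=='N')
								$can_edit = '';
							if(isset($exceptions_RET[$file][1]['CAN_USE']) && $exceptions_RET[$file][1]['CAN_USE']=='N')
								$can_use = '';
							/*if($featured_RET[$file])
								$featured = 'CHECKED';
							else
								$featured = '';*/

							$title = ' &nbsp; &nbsp; &rsaquo; '.$category['TITLE'];
							$field = str_replace('.','_',$file);
							// Same row markup as a regular program row (including the closing </TD>).
							echo "<TR><TD></TD><TD></TD><TD align=center bgcolor=#DDDDDD><INPUT type=checkbox name=can_use[".$field."] value=true $can_use></TD>".($is_admin?"<TD align=center bgcolor=#DDDDDD><INPUT type=checkbox name=can_edit[".$field."] value=true $can_edit></TD>":'')."<TD bgcolor=#DDDDDD> &nbsp; &nbsp;$title</TD></TR><TR><TD></TD><TD></TD><TD colspan=$colspan height=1 bgcolor=#000000></TD></TR>";
						}
					}
				}
			}
			echo '<TR><TD colspan='.($colspan+2).' align=center height=20></TD></TR>';
		}
		echo '<TR><TD colspan='.($colspan+2).' align=center><INPUT type=submit value='._('Save').'></TD></TR></TABLE>';
		PopTable('footer');
	}
	echo '</DIV>';
	echo '</TD></TR></TABLE>';
	echo '</FORM>';
	// Hidden "new profile" fields, swapped into main_div by the add-row onclick above.
	echo '<DIV id=new_id_content style="position:absolute;visibility:hidden;">'._('Title').' <INPUT type=text name=new_profile_title><BR>'._('Type').'<SELECT name=new_profile_type><OPTION value=admin>'._('Administrator').'</OPTION><OPTION value=teacher>'._('Teacher').'</OPTION><OPTION value=parent>'._('Parents').'</OPTION><OPTION value=student>'._('Students').'</OPTION></SELECT></DIV>';
}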
?>